Intel Security Center | INTEL:INTEL-SA-00892
History: Aug 08, 2023 - 12:00 a.m.

Intel® NUC Kit and Mini PC BIOS Firmware Advisory

www.intel.com

AI Score: 7.3 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

Summary:

Potential security vulnerabilities in some Intel® NUC Kit and Mini PC BIOS firmware may allow escalation of privilege or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2022-37336

Description: Improper input validation in BIOS firmware for some Intel® NUC may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.9 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

CVEID: CVE-2023-29494

Description: Improper input validation in BIOS firmware for some Intel® NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2023-27887

Description: Improper initialization in BIOS firmware for some Intel® NUCs may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 6.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N

CVEID: CVE-2023-29500

Description: Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel® NUCs may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 5.3 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Affected Products:

| Product | Download Link | CVE ID |
| --- | --- | --- |
| Intel® NUC Boards: NUC11TNBi3, NUC11TNBi30Z, NUC11TNHi3, NUC11TNHi30L, NUC11TNHi30P, NUC11TNHi30Z, NUC11TNKi3, NUC11TNKi30Z; NUC11TNBi5, NUC11TNBi50Z, NUC11TNHi5, NUC11TNHi50L, NUC11TNHi50W, NUC11TNHi50Z, NUC11TNKi5, NUC11TNKi50Z; NUC11TNBi7, NUC11TNBi70Z, NUC11TNHi7, NUC11TNHi70L, NUC11TNHi70Q, NUC11TNHi70Z, NUC11TNKi7, NUC11TNKi70Z | TNTGL357 | CVE-2023-27887, CVE-2023-29494 |
| Intel® NUC Performance Kit, Intel® NUC Performance Mini PC: NUC10i3FNH, NUC10i3FNHF, NUC10i3FNHFA, NUC10i3FNHJA, NUC10i3FNHN, NUC10i3FNK, NUC10i3FNKN; NUC10i5FNH, NUC10i5FNHCA, NUC10i5FNHF, NUC10i5FNHJA, NUC10i5FNHJ, NUC10i5FNHN, NUC10i5FNK, NUC10i5FNKN, NUC10i5FNKPA, NUC10i5FNKP; NUC10i7FNH, NUC10i7FNHAA, NUC10i7FNHC, NUC10i7FNHJA, NUC10i7FNHN, NUC10i7FNK, NUC10i7FNKN, NUC10i7FNKP, NUC10i7FNKPA | FNCML357 | CVE-2022-37336 |
| Intel® NUC 11 Performance Kit, Intel NUC 11 Performance Mini PC: NUC11PAHi3, NUC11PAHi30Z, NUC11PAKi3; NUC11PAHi5, NUC11PAHi50Z, NUC11PAKi5, NUC11PAQi50WA; NUC11PAHi7, NUC11PAHi70Z, NUC11PAKi7, NUC11PAQi70QA | PATGL357 | CVE-2023-29500 |

Recommendations:

Intel recommends that users update to the latest BIOS firmware version (see provided table).

Acknowledgements:

The following issues were found internally by Intel employees (CVE-2023-29494) (CVE-2023-27887) (CVE-2023-29500).

Intel would like to thank Edward Calf (CVE-2022-37336) for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.
